Thursday, February 10, 2011

Here is a way how some hackers retain the hacked facebook accounts even after the target changes the password or the hacker himself returns it to the target.
Many of the facebook users are unaware that there is a alternative way to log in the facebook account by linking a alternate email account to it. Not the default email id which you use regularly to log in by typing the email id and password but a different email id. So when you are logged in this alternate email id and open the facebook website it directly logs in your facebook account without even asking the password. If you did not get the concept here is a example. Imagine that your regular email id is "regular@gmail.com" and you add a alternate email id "alternate@gmail.com" in account setting. Now when you are logged in "alternate@gmail.com"
and open facebook website it redirects you and directly opens your facebook account. So here the is procedure how you can add this alternate email id as a backdoor.

Tuesday, February 1, 2011

Firesheep a Firefox addon has recently become very popular for easily carrying out a HTTP session hijacking attack. Http session hijacking attack can't be considered as a very sophisticated attack but needs some technical knowlegde to be performed . But Firesheep makes the attack a child's play. Firesheep was developed by Eric butler for Firefox, it was released at Toorcon 12 to demonstrate how serious cookie stealing can be.
Now lets understand how Firesheep actually works. When you provide your username and password in login forms of different website and submit it, the browser first encrypts the password and then sends it over the network. The corresponding website compares the information against its internal database and if they match, it sends a cookie(a small text file) to your browser. The browser saves this cookie and uses it to authenticate the user on the website every time the user opens a different page of the website. When the user logs out of his account the browser just deletes the cookie. Now the problem is that this cookies are not encrypted before sending over the network, due to this a hacker can capture this cookies and using them authenticate himself as the user from whom the cookie was stolen.
Now lets see how to use Firesheep.